Glossary
The glossary provides brief definitions of common security phrases and terminologies your team should know.
Access Control
Access control regulates who can view, use, or modify resources, balancing security and usability to protect data and maintain operational integrity.
Access Control List
Access Control List (ACL) is a security mechanism that specifies permissions for accessing resources, defining who can or cannot perform certain actions.
Active Directory (AD)
Active Directory (AD) is a Microsoft service used for managing networked resources, providing authentication and authorization.
Advanced Encryption Standard (AES)
AES is a robust symmetric encryption standard used worldwide for protecting sensitive electronic data.
Air Gap
Air gapping is a security measure isolating a computer or network, physically disconnecting it from external networks for enhanced protection.
Amazon Web Services (AWS) Security
Amazon Web Services (AWS) Security comprises measures to protect data, applications, and services within the AWS cloud environment.
Anomaly Detection
Anomaly Detection is a technique used to identify unusual patterns or behaviors that deviate significantly from the standard or expected behavior.
Antivirus Software
Antivirus software is a program that detects, prevents, and removes malware from your computer or network.
API Security
API Security involves protecting application programming interfaces (APIs) from threats and vulnerabilities in the interconnected digital ecosystem.
Application Layer
The Application Layer is the topmost layer in the OSI model, where network applications and user processes occur, interfacing directly with users.
Application Programming Interface (API) Token
An API Token is a unique identifier used for authentication, allowing secure communication between different software applications.
Application Security
Application security refers to the measures and practices taken to protect software applications from unauthorized access, vulnerabilities, and potential threats.
Asset Management
Asset Management in application security involves identifying, prioritizing, and monitoring software assets to reduce risk and enhance security.
Attack Surface
An attack surface is the sum of potential vulnerabilities that can be exploited by unauthorized users to infiltrate a system or network.
Attack Vector
An attack vector is a path or method used by a hacker to breach a computer system's security to deliver a malicious outcome.
Authentication
Authentication is the process of verifying the identity of a user, device, or entity to grant access to a system or resource.
Authorization
Authorization is the process of granting or denying access to resources or information based on predefined rules or permissions.
Behavior-Based Security
Behavior-Based Security is a proactive approach that detects threats by identifying anomalies from the normal behavior of a system.
Blacklisting
Blacklisting is a security measure blocking known harmful entities such as IP addresses, URLs, or software from system access.
Blue Team
A Blue Team is a group responsible for defending an organization's informational assets from cyber threats and breaches.
Bot Management
Bot management involves identifying, categorizing and responding to automated web traffic to mitigate risks and protect network resources.
Breaking Change
A "Breaking Change" is an alteration in software that disrupts existing functionality, potentially causing issues in dependent code or systems.
Brute Force Attack
A brute force attack is a trial-and-error method used to obtain information such as passwords, using exhaustive input attempts.
Buffer Overflow
Buffer Overflow is a flaw where excessive data written into a buffer can overflow it, leading to code execution or system crash scenarios.
Bug Bounty Program
A Bug Bounty Program is an initiative that rewards individuals for identifying and reporting software vulnerabilities.
Build Automation
Build Automation is the process of automating tasks in software development such as compiling code, running tests, and deployment.
Build System
A build system compiles and links source code into executable software, automating processes for consistency and efficiency in software development.
Bundler
A bundler is a tool that combines and optimizes multiple web development files and dependencies into fewer, streamlined output files for efficient loading.
Business Continuity Plan (BCP)
A Business Continuity Plan (BCP) is a strategy that ensures critical business operations continue during a disruption.
California Consumer Privacy Act (CCPA)
CCPA is a California law giving residents more control over their personal data, including knowing what is collected and opting out of sales.
Canary Release
A Canary Release is a deployment strategy where new software versions are rolled out to a small subset of users before a full release.
Certificate Authority (CA)
Certificate Authority (CA) is a trusted entity that issues and manages digital certificates to verify identities over a network.
Chain of Custody
Chain of Custody refers to the documented process that proves the integrity of data from collection through to presentation.
Change Management
Change Management is the process of managing and adapting to changes in an organization to minimize disruption and maximize efficiency.
Changelog
A changelog is a chronological record detailing notable changes made to software, aiding in transparency, trust, and security.
Clickjacking
Clickjacking is a web attack that deceives users by overlaying or hiding elements, tricking them into unknowingly clicking on malicious content or performing unintended actions.
Cloud Security
Cloud Security is a set of policies, controls, and technologies used to protect data, applications, and infrastructure in the cloud.
Code Commit
A code commit is the process of submitting changes to a version control system, marking the evolution of software projects.
Code Coverage
Code Coverage measures the extent to which source code is tested, indicating which parts are executed by tests, helping identify untested areas.
Code Injection
Code Injection is a security vulnerability that allows attackers to introduce malicious code into a program, altering its execution.
Code Obfuscation
Code obfuscation is a method used to make source code harder to understand or reverse engineer, thus enhancing software security.
Code Repositories
Code repositories are storage spaces where developers store and manage their source code, enabling version control, collaboration, and code reuse.
Code Review
Code Review is the systematic examination of source code for error detection and improvement of coding practices.
Code Signing
Code signing is the process of digitally signing executables or scripts, validating the software author and ensuring code hasn't been altered.
Codebase
Codebase refers to the whole set of source code that builds an application, including its dependencies and components.
Common Vulnerabilities and Exposures (CVE)
CVE is a list of publicly disclosed security flaws in software, providing a standardized method for identifying vulnerabilities.
Common Vulnerability Scoring System
Common Vulnerability Scoring System (CVSS) is a framework used to assess and rate the severity of security vulnerabilities in software or systems.
Common Weakness Enumeration (CWE)
CWE is a community-developed list of common software and hardware weakness types, used to identify and mitigate vulnerabilities.
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
CAPTCHA is a system used to distinguish human from machine input, typically as a way of thwarting spam and automated data extraction.
Compliance
Compliance refers to ensuring the software components and dependencies adhere to legal and regulatory standards.
Compliance Auditing
Compliance auditing is the process of checking if a company adheres to its stated policies, regulations, and industry standards.
Configuration Management
Configuration Management is the process of systematically managing, organizing, and controlling changes in a system's components throughout its lifecycle.
Container Security
Container Security ensures the integrity of containerized applications, safeguarding them from vulnerabilities and threats.
Containerization
Containerization is the method of encapsulating an application in a container with its own operating environment for consistent execution.
Content Security Policy (CSP)
A Content Security Policy (CSP) is a security feature that helps to prevent malicious attacks, such as cross-site scripting (XSS) and data injection attacks.
Continuous Deployment (CD)
Continuous Deployment is a strategy that automates the delivery of software changes to production after passing a series of automated tests.
Continuous Integration (CI)
Continuous Integration is a dev practice where developers merge code changes frequently to detect integration issues early and ensure code quality.
Contributor
A contributor in application security aids in project development, ensuring that security is integrated at every stage, from code to documentation.
CORS Policy
CORS policy controls how resources are accessed from different origins in a web app, defining what's permitted by the server.
Cross-Origin Resource Sharing (CORS)
CORS is a browser security feature allowing web pages from one domain to safely request resources from another domain.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that tricks users into executing unwanted actions on authenticated web sessions.
Cross-Site Request Forgery (CSRF) DoS
Cross-Site Request Forgery (CSRF) DoS is a web attack that misuses authenticated sessions to flood a target, disrupting its service.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users.
Cryptanalysis
Cryptanalysis is the study of deciphering encrypted data and breaching cryptographic systems without knowing the encryption key.
Cryptographic Security
Cryptographic Security involves using cryptographic protocols to protect information and communications through encoding to ensure confidentiality.
Cyber Criminal
Cyber criminals are individuals or groups who use technology to commit illegal activities, often targeting digital systems and data.
Cyber Hygiene
Cyber hygiene refers to routine practices to maintain system health and improve online security against digital threats.
Cyber Resilience
Cyber Resilience is the ability to withstand, respond to, and recover from cyber threats while ensuring business continuity.
Cyber Threat Intelligence
Cyber Threat Intelligence is the process of gathering and analyzing information about potential attacks to prevent and mitigate cybersecurity risks.
Cybersecurity
Cybersecurity is the practice of protecting networks, devices, and data from digital attacks, damage, or unauthorized access.
Cybersecurity Framework
A Cybersecurity Framework is a set of guidelines to identify, protect, detect, respond, and recover from cyber threats, bolstering software security.
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC) is a unified standard for cybersecurity to protect U.S. Defense Department data.
Cyberwarfare
Cyberwarfare is the use of digital attacks by nations or groups to disrupt, damage, or gain unauthorized access to an adversary's computer systems.
Dark Web Monitoring
Dark Web Monitoring involves the surveillance of darknet markets and forums to detect leaked sensitive data or potential threats.
Data at Rest
Data at rest refers to inactive data stored on various mediums, often a target for cyber threats if not properly secured.
Data Breach
A Data Breach is an incident where unauthorized individuals access and extract sensitive, protected, or confidential data.
Data Classification
Data classification is the process of organizing data into categories based on its type, sensitivity, and relevance for efficient management and security.
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-key method for encrypting data, widely used in the 1970s-1990s.
Data in Transit
Data in transit refers to digital information being transferred from one location to another over networks, making it vulnerable to threats.
Data in Use
Data in Use refers to data currently being processed, either by an application, a system, or a user, and is temporarily stored in memory.
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is a strategy for ensuring sensitive or critical information is not leaked, lost, or accessed unauthorizedly.
Data Masking
Data masking is a technique that replaces sensitive information with fictional yet realistic data to protect it during software testing.
Data Protection
Data Protection involves implementing measures to safeguard information from corruption, compromise, or loss, ensuring its confidentiality and integrity.
Data Sanitization
Data sanitization is the process of irreversibly removing or modifying data to prevent unauthorized access and data breaches.
Denial of Service (DoS)
Denial of Service (DoS) is an attack aiming to make a system or network resource unavailable to its intended users, disrupting services.
Dependency Confusion
Dependency Confusion is a cybersecurity attack that exploits software dependencies, causing package managers to install malicious packages.
Dependency Graph
A Dependency Graph in software development is a visual representation of interdependencies between different modules or packages.
Dependency Hell
"Dependency Hell" refers to complications arising from conflicting software dependencies, creating issues with functionality and security.
Dependency Management
Dependency management is the process of handling, tracking, and controlling the external libraries or packages a software project relies on.
Dependency Scanning
Dependency Scanning is a security practice that identifies and alerts about vulnerabilities in software dependencies, helping to mitigate potential risks.
Deployment Pipeline
A deployment pipeline automates software delivery, integrating continuous integration and delivery processes for faster, secure releases.
DevSecOps
DevSecOps integrates security practices into the DevOps process, facilitating early detection and remediation of security risks in software development.
Dictionary Attack
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying a list of likely possibilities.
Digital Certificate
A Digital Certificate is an electronic document using PKI to verify the identity of a user or device, thereby ensuring secure communication.
Digital Forensics
Digital Forensics involves scientifically proven methods to collect, process, and interpret digital evidence, often used in cybercrime investigations.
Digital Signature
Digital Signature is a cryptographic method used to verify the authenticity and integrity of a digital message or document.
Disaster Recovery Planning (DRP)
Disaster Recovery Planning (DRP) is a strategy to recover and protect a business IT infrastructure in the event of a disaster.
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) is an attack from multiple sources aiming to overwhelm a network or service, causing unavailability.
Docker
Docker is an open-source platform that packages, distributes, and manages applications in lightweight containers for isolated, replicable computing environments.
Dynamic Application Security Testing (DAST)
DAST is a security testing method that checks applications during runtime to detect vulnerabilities.
Encryption
Encryption is a cryptographic method of converting plaintext data into ciphertext to prevent unauthorized access to information.
Endpoint Security
Endpoint security is the practice of safeguarding network entry points, like devices and software, from cyber threats.
Environment Variables
Environment variables are key-value pairs that configure software settings, ensuring flexibility and security by keeping sensitive data out of code.
Exploit
An Exploit is a piece of software, data, or command sequence that takes advantage of a vulnerability to cause unintended behavior.
File Integrity Monitoring (FIM)
File Integrity Monitoring (FIM) is a method that checks and reports changes to critical system and application files to ensure data security.
Firewall
A Firewall is a security system that controls incoming and outgoing network traffic based on predetermined security rules.
Fork
A "fork" in software development means creating an independent copy of a codebase, allowing parallel development without affecting the original.
Full Disclosure
Full Disclosure is the practice of publicly revealing details of a security vulnerability, often after a fix is available.
Fuzz Testing
Fuzz Testing is a software testing technique that inputs invalid, unexpected, or random data into a program to uncover vulnerabilities and identify potential security flaws.
General Data Protection Regulation (GDPR)
GDPR is a regulation in EU law that ensures data protection and privacy for individuals, regulating how personal data is processed and moved.
Git
Git is a distributed version control system used by developers for tracking changes in source code during software development.
GitHub
GitHub is a web-based platform for version control and collaboration, primarily used for code sharing and development projects.
Google Cloud Platform (GCP) Security
Google Cloud Platform (GCP) Security involves protections for data, applications, and services within the GCP cloud environment.
GraphQL
GraphQL is a data query language for APIs, and a runtime for executing those queries, allowing clients to specify exactly what data they need.
Hacking
Hacking refers to the unauthorized access into computer systems by exploiting vulnerabilities to alter, steal, or disrupt data.
Hashing
Hashing is a process that takes input data of any size and returns a fixed-size string of bytes, used for data integrity and password storage.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a US law that sets standards for the protection of sensitive patient health information, ensuring privacy and data security.
Heuristic Analysis
Heuristic analysis is a cybersecurity technique that detects potential threats by examining data or activities for suspicious behaviors or structures.
Honey Pot
A honeypot is a decoy system set up to lure cyber attackers and detect, deflect, or study their actions for future protection.
Hypertext Transfer Protocol Secure (HTTPS)
Hypertext Transfer Protocol Secure (HTTPS) ensures secure communication between web browsers and websites, protecting data through encryption and authentication.
Identity and Access Management (IAM)
IAM is a framework for managing digital identities and their access to resources, ensuring the right individuals access the right resources.
Information Security (InfoSec)
Information Security (InfoSec) involves protecting information from unauthorized access, ensuring confidentiality, integrity, and availability.
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) automates the provisioning and management of IT infrastructure using code and software development techniques.
Injection Attacks
Injection attacks exploit vulnerabilities in software by inserting malicious code, leading to unintended actions.
Input Validation
Input Validation is the practice of verifying the format, length, and type of data to prevent processing of harmful or undesired input.
Insider Threat
An Insider Threat is a risk posed by individuals within an organization who have access to sensitive information or systems.
Interactive Application Security Testing (IAST)
IAST is a testing method combining static and dynamic analysis, analyzing applications during runtime for vulnerabilities and code errors.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a device or software application that monitors network or system activities for malicious activity.
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is a network security tool that can identify and prevent known threats by inspecting traffic in real-time.
IP Address Blocking
IP address blocking is a security measure that prevents specific IP addresses from accessing a network or website.
ISO/IEC 27001
ISO/IEC 27001 is an international standard that provides a framework for managing and maintaining an organization's information security management system.
JSON Web Token (JWT)
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties for web-based authentication.
Keystroke Logging
Keystroke logging, or keylogging, is a method used by cybercriminals to surreptitiously record a user's keystrokes to gather sensitive information.
Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications across clusters of hosts.
LDAP Injection
LDAP injection is an attack exploiting an application's improperly sanitized LDAP queries to manipulate or access data.
Least Privilege Principle
The Least Privilege Principle advocates granting minimum necessary access to users, programs, or processes for security purposes.
License Compliance
License compliance is adhering to the terms of software licenses to avoid legal issues and respect developers' rights.
Logging and Monitoring
Logging and Monitoring involve recording and analyzing system activities to detect anomalies, improve performance, and enhance security.
Maintainer
A maintainer manages and safeguards open source projects, overseeing code merges, releases, and community engagement, ensuring quality and security.
Malware
Malware is malicious software designed to cause harm to a user's computer, server, client, or computer network.
Man-in-the-Middle Attack (MitM)
A Man-in-the-Middle (MitM) attack is a cybersecurity threat where a malicious actor intercepts and potentially manipulates communication between two systems.
Manifest Confusion
"Manifest confusion" refers to the fact that in the npm ecosystem, a package's manifest and its tarball are published independently.
Memory Scraping
Memory scraping is a cyber-attack method where sensitive data is extracted from a system's active memory.
Merge Conflict
A merge conflict arises when two code branches in version control have contradictory changes, disrupting a seamless merge.
Message-digest Algorithm
Message-digest algorithms are cryptographic hash functions that ensure data integrity by producing a unique fixed-size byte string from any input.
Microservices
Microservices is an architecture style structuring an application as a collection of loosely coupled, independently deployable services.
Microsoft Azure Security
Microsoft Azure Security refers to the safeguards provided within the Azure cloud service to protect data, applications, and services.
Minification
Minification is the process of compressing code by removing unnecessary characters, improving web performance without changing functionality.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a security method requiring users to provide two or more verification factors to gain access.
National Vulnerability Database (NVD)
NVD is the U.S. government's repository of standards-based vulnerability management data, including CVEs.
Network Security
Network Security involves policies and practices adopted to prevent and monitor unauthorized access, misuse, or denial of a computer network.
Network Security Policy (NSP)
A network security policy is a set of rules for protecting a network's infrastructure, defining user access, and mitigating threats.
Node Modules
Node modules are reusable blocks of code in Node.js applications, utilized to streamline development and enhance functionality.
Node.js
Node.js is an open-source, cross-platform JavaScript runtime environment used to develop scalable network applications.
npm (Node Package Manager)
npm (Node Package Manager) is the default package manager for Node.js, facilitating the discovery, installation, and management of code packages.
npm audit
npm audit is a tool in npm CLI that identifies and reports known vulnerabilities in a project's dependency tree.
npm Registry
The npm Registry is an online repository for publishing and managing reusable JavaScript packages.
npm-shrinkwrap.json
npm-shrinkwrap.json locks specific dependency versions in npm projects, ensuring consistent installs across setups and environments.
npx (npm package runner)
npx is a tool packaged with npm, enabling developers to execute Node.js packages without global installation, streamlining dependency management.
OAuth
OAuth is an open-standard protocol for secure delegated access, allowing users to share private resources stored on one site with another.
Open Source Software
Open Source Software (OSS) is software that is freely available, allowing users to view, modify, and distribute its source code without restrictions.
Open Web Application Security Project (OWASP)
OWASP is a nonprofit dedicated to improving web application security, providing resources like the Top 10 list of most critical security risks.
Open Web Application Security Project (OWASP) Dependency-Check
OWASP Dependency-Check is a tool that identifies known vulnerabilities in a project's dependencies.
Open Web Application Security Project (OWASP) Top 10
OWASP Top 10 is a standard document outlining the most critical security risks to web applications, intended to guide secure development.
OpenID Connect (OIDC)
OpenID Connect is a simple identity layer on top of OAuth2, allowing clients to verify users' identities based on the authentication by an authorization server.
Package-lock.json
Package-lock.json is an auto-generated file by npm, locking exact versions of project dependencies for consistency and security.
Package.json
package.json is a key file in Node.js projects, housing project metadata, and managing dependencies for efficient setup and execution.
Password Policy
A password policy outlines rules for creating and managing secure passwords, serving as a key defense against unauthorized access.
Patch Management
Patch management is the process of regularly updating and applying software patches to fix vulnerabilities and enhance security.
Patch Tuesday
"Patch Tuesday" refers to the second Tuesday of each month when Microsoft releases software updates to fix known issues.
Payload
A Payload is the part of an exploit that performs a malicious action, such as providing unauthorized access or launching a Denial of Service attack.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a set of security standards designed to ensure that all companies accept, process, store or transmit credit card information securely.
Penetration Testing (PenTest)
Penetration Testing (PenTest) is a method of evaluating the security of a system by simulating attacks from malicious sources.
Phishing
Phishing is a deceptive practice to obtain sensitive information by masquerading as a trustworthy entity in digital communication.
pip (Python Package Index)
pip is a package manager for Python, used to install and manage software packages from the Python Package Index (PyPI).
postinstall scripts
Postinstall scripts automatically run after a package is installed, aiding setup but posing potential security risks in open source software.
Privilege Escalation
Privilege Escalation is a security exploit where a user gains elevated access levels, such as administrative privileges, often through system flaws.
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a system for creating, storing, distributing, and revoking digital certificates to enable secure communications.
Pull Request
A pull request (PR) is a proposal to change a codebase, offering a platform for collaborative review, ensuring code quality and security.
Python
Python is a high-level, interpreted programming language, renowned for its readability, simplicity, and wide range of applications.
Python Package Index (PyPI)
PyPI, or Python Package Index, is a repository of software packages for the Python programming language used by developers worldwide.
Rainbow Table
A rainbow table is a precomputed table for reversing cryptographic hash functions, often used to crack password hashes.
Ransomware
Ransomware is malicious software that encrypts a victim's data, demanding a ransom for its decryption and access restoration.
Ransomware as a Service (RaaS)
Ransomware as a Service (RaaS) is a business model where cybercriminals rent out ransomware tools to other criminals, facilitating easier cyber attacks.
Rate Limiting
Rate limiting is a technique to control the amount of incoming or outgoing traffic a network or a service can handle within a time period.
Readme.md
A readme.md is a documentation file in repositories, offering essential info about a project, its setup, usage, contribution guidelines, and more.
Red Team
A Red Team is a group that challenges an organization to improve its effectiveness by simulating potential adversaries.
Remote Access Trojans (RATs)
Remote Access Trojans (RATs) are malware that provide unauthorized control over a victim's computer, often for data theft or surveillance.
Remote Code Execution (RCE)
Remote Code Execution (RCE) is a vulnerability that allows an attacker to execute arbitrary commands or code on a victim's system remotely.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a Microsoft protocol enabling remote computer access over a network connection.
RepoJacking
Repojacking is a cyber attack where perpetrators hijack a software repository to inject malicious code into open-source packages.
Repository
A repository, or "repo", is a storage location for software code and assets, aiding in version control and collaboration in software development.
Representational State Transfer (REST)
Representational State Transfer (REST) is an architectural style for building web services using standard HTTP methods for interaction.
Requirements.txt
requirements.txt is a Python file that lists project dependencies to ensure consistent setup across different environments.
Responsible Disclosure
Responsible Disclosure is a process where vulnerabilities found in software are privately reported to the vendor before public release.
Reverse Engineering
Reverse Engineering is the process of disassembling a product/software to understand its components, functionality, and underlying structure.
Risk Assessment
Risk Assessment: The process of identifying, evaluating, and prioritizing potential risks to determine their likelihood and potential impact on an organization or project.
Risk Management Framework (RMF)
The Risk Management Framework (RMF) is a process for identifying, assessing, and managing cybersecurity risks in an organization.
Rivest–Shamir–Adleman (RSA) Open Cryptosystem
The Rivest–Shamir–Adleman (RSA) cryptosystem is a widely-used public-key encryption method based on the math of large prime numbers.
Role-Based Access Control
Role-Based Access Control (RBAC) is a security approach that restricts system access based on predefined roles assigned to users, simplifying permission management.
Rootkit
A rootkit is a stealthy type of malware that grants unauthorized access and control over a system, often hiding its presence.
ROT13
ROT13 is a simple substitution cipher that shifts letters 13 places in the alphabet, used to obscure text online.
Runtime Application Self-Protection (RASP)
RASP is a security technology that detects and mitigates attacks on applications in real-time, from within the app's runtime environment.
safety (Python package)
'Safety' in Python packages refers to the absence of security vulnerabilities, ensuring secure and reliable open-source code usage.
Salt
Salt is a random data added into a hash function to prevent identical inputs from generating the same hash, enhancing security.
Sandbox
A sandbox is a secure, isolated environment where programs can be tested or run without affecting the rest of the system or network.
Sandbox Environment
A sandbox environment is an isolated space for safe testing and analysis of code or software, preventing risks to production systems.
Secret Management
Secret Management is the process of safeguarding digital credentials like API keys and passwords to ensure secure access to sensitive resources.
Secrets as a Service
Secrets as a Service offers centralized cloud-based management and storage of sensitive data like API keys, ensuring access only by authorized entities.
Secure Coding Practices
Secure Coding Practices involve guidelines and procedures to prevent the introduction of security vulnerabilities during software development.
Secure Development Lifecycle (SDLC)
Secure Development Lifecycle (SDLC) is a framework that incorporates security considerations into each phase of software development process.
Secure File Transfer Protocol (SFTP)
SFTP is a network protocol that provides secure, reliable file transfers over an unsecured network using SSH encryption.
Secure Hashing Algorithm (SHA)
The Secure Hashing Algorithm (SHA) is a cryptographic method to ensure data integrity through unique, fixed-size hash values for given inputs.
Secure Shell (SSH)
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a deprecated protocol designed to secure communications over a network by using encryption, superseded by TLS.
Security Advisory
Security Advisory is a communication on a security vulnerability identified in a system, and how to fix or mitigate it.
Security as Code
Security as Code is the practice of integrating security measures and processes into the software development lifecycle, enabling automated security checks and ensuring secure code and deployments.
Security Assertion Markup Language (SAML)
SAML is a standard for exchanging authentication and authorization data between parties, enhancing web application security.
Security Baseline
A Security Baseline is a set of standards and controls serving as a minimum level of security to protect IT assets.
Security by Design
Security by Design is a proactive approach to software development where security is integral from the design phase, not an afterthought.
Security Headers
Security Headers are HTTP response headers that, when configured properly, can enhance the security of a web application against attacks.
Security Incident
A Security Incident is an event that leads to a compromise in the integrity, availability, or confidentiality of an information system.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is a set of tools for managing, analyzing, and reporting on security event data in real-time.
Security Misconfiguration
Security Misconfiguration occurs when a system's security settings are defaulted, outdated or improperly set up, exposing it to threats.
Security Operations Center (SOC)
A Security Operations Center (SOC) is a team that monitors and improves an organization's cybersecurity, detecting and responding to incidents.
Security Orchestration, Automation, and Response (SOAR)
SOAR is a stack of solutions that enables automated response and threat management, improving efficiency of security operations.
Security Posture
Security posture refers to the overall strength of a system's security measures, including policies, controls, and practices, to protect against vulnerabilities and threats.
Security Risk
Security risk refers to potential threats that can compromise the confidentiality, integrity, and availability of digital data or systems.
Security Tokens
A Security Token is a digital identifier used to authenticate and authorize users or processes in software systems.
Semantic Versioning (SemVer)
Semantic Versioning (SemVer) is a versioning scheme for software that reflects changes in a format of MAJOR.MINOR.PATCH.
Serverless Architecture
Serverless Architecture is a computing model where cloud providers dynamically manage resources, allowing developers to focus on code.
Session Hijacking
Session hijacking is exploiting a valid computer session to gain unauthorized access or control over a system or network.
setup.py (Python)
setup.py is a Python script used for distributing Python packages, handling dependencies, and facilitating easy installation and sharing of code.
setuptools (Python)
setuptools is a Python tool that facilitates packaging, distributing, and installing software, ensuring code is easily shared and implemented.
Single Sign-On (SSO)
Single Sign-On (SSO) is an authentication process allowing users to access multiple services with a single set of login credentials.
Software Bill of Materials
Software Bill of Materials (SBOM) is a comprehensive inventory listing of all components and dependencies used in a software application.
Software Composition Analysis
Software Composition Analysis (SCA) is the practice of identifying and managing open source and third-party components used in a software to detect vulnerabilities and ensure license compliance.
Software Integrity
Software Integrity is the degree to which software is free from flaws, performs its intended functions accurately, and is trustworthy.
Spear Phishing
Spear phishing is a targeted phishing attack aimed at a specific individual or organization to steal sensitive information.
Spyware
Spyware is a type of malicious software that secretly collects user data and activity without their knowledge or consent.
SQL Injection
SQL Injection is a code injection technique where an attacker can execute malicious SQL queries that control a web application's database.
SSH Key
An SSH Key is a cryptographic tool for secure remote access and encrypted communication in the SSH protocol.
Static Application Security Testing
Static Application Security Testing (SAST) is a method of analyzing source code for vulnerabilities without executing the application.
Supply Chain Attack
Supply Chain Attacks compromise software or services at the source, affecting downstream users. They are rising due to increased OSS usage and advanced cyber tactics.
Supply Chain Security
Supply Chain Security refers to efforts to enhance the security of supply chain systems, mitigating risks from manufacture to delivery.
Third-Party Risk Management (TPRM)
Third-Party Risk Management is the process of identifying and mitigating risks associated with outsourcing to third-party vendors.
Threat Modeling
Threat modeling is a process of identifying, evaluating, and prioritizing potential threats to a system or organization's security in order to implement effective safeguards.
Tokenization
Tokenization is a security technique that replaces sensitive data with non-sensitive tokens, reducing the risk of data breaches.
Transport Layer
The Transport Layer in the OSI model manages data transmission, providing reliable, ordered, and error-checked delivery of packets.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic protocol providing secure communications over a network, often used in web browsers.
Triple Data Encryption Algorithm (TDEA or Triple DEA)
TDEA (Triple DEA) is a cryptographic method that applies the DES algorithm three times to enhance data encryption security.
Trojan Horse
A Trojan horse is a malicious program disguised as benign software, used to infiltrate systems and execute harmful actions.
twine (Python)
Twine is a tool for securely uploading Python packages to the Python Package Index (PyPI).
Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is a security process that requires two methods of identity verification before granting access.
Two-Person Integrity (TPI)
Two-Person Integrity (TPI) is a security measure requiring dual approval for critical actions to prevent unauthorized or harmful changes.
User Behavior Analytics (UBA)
User Behavior Analytics (UBA) is a cybersecurity approach that identifies abnormal user activities to detect potential security threats.
Version Control
Version control is a system that tracks changes to files over time, enabling specific versions to be recalled later.
Virtual Environment (Python)
A Python virtual environment is an isolated workspace for managing project-specific dependencies, avoiding conflicts between projects.
Virtual Machine (VM)
A Virtual Machine (VM) is a software emulation of a computer that runs an operating system and applications like a physical computer.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) extends a private network across a public network, enabling users to send and receive data securely.
Virtualization Security
Virtualization security refers to the measures taken to protect virtual environments, like virtual machines and servers, from cyber threats.
Vulnerability
Vulnerability refers to a weakness in a software system that can be exploited by attackers to compromise its security.
Vulnerability Management
Vulnerability Management is the proactive process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in a system or network.
Web Application Firewall (WAF)
A Web Application Firewall (WAF) is a security measure that filters, monitors, and blocks HTTP traffic to and from a web application.
Webhook
A Webhook is a method of augmenting or altering the behavior of a web page with custom callbacks for real-time data updates.
Webpack
Webpack is a module bundler for JavaScript, streamlining code into compact, browser-ready files.
Wheel (Python Packaging Format)
The Python Wheel is a pre-compiled packaging standard, ensuring faster, consistent, and easy-to-use distribution of Python software.
Whitelisting
Whitelisting is a security practice where only pre-approved and specified systems, applications, or users are granted access privileges.
Worm
A worm is a type of malware that self-replicates and spreads independently, causing harm by exploiting network vulnerabilities.
XML External Entity (XXE)
XML External Entity (XXE) is an attack exploiting XML parsing, allowing unauthorized access to data or system operations.
Yarn (Package Manager)
Yarn is a fast, reliable, and secure package manager for JavaScript, enhancing dependency management and project workflow.
Zero-Day Vulnerability
A Zero-Day Vulnerability is a software flaw unknown to those who should be interested in its mitigation, often exploited before detection.